Bug report
Describe the bug
When using a Custom OAuth2 provider, the authentication flow completes successfully on the provider side, but Supabase returns:
server_error: missing provider id
This happens during the callback phase, when exchanging the authorization code for a session.
To Reproduce
- Create a custom OAuth provider using the admin API:
await supabaseAdmin.auth.admin.customProviders.createProvider({
provider_type: "oauth2",
identifier: "custom:suap",
name: "SUAP",
client_id: "2DOUpBY6...f21C", // partially masked
client_secret: "[REDACTED]",
authorization_url: "https://suap.ifmg.edu.br/o/authorize/",
token_url: "https://suap.ifmg.edu.br/o/token/",
userinfo_url: "https://suap.ifmg.edu.br/api/v2/minhas-informacoes/meus-dados/",
scopes: ["identificacao"],
pkce_enabled: true
});
- Start OAuth flow:
const { data } = await supabase.auth.signInWithOAuth({
provider: "custom:suap",
options: {
redirectTo: "http://localhost:5173/api/auth/suap/callback",
},
});
if (data.url) {
redirect(302, data.url);
}
-
User authenticates successfully on the OAuth provider
-
Supabase redirects to:
https://<project>.supabase.co/auth/v1/callback?code=...&state=...
- Then redirects to local callback:
http://localhost:5173/api/auth/suap/callback?error=server_error&error_description=error+missing+provider+id
Callback Handling Code
const code = request.url.searchParams.get("code");
if (code) {
const { error } = await supabase.auth.exchangeCodeForSession(code);
}Observed Behavior
- OAuth login succeeds on provider
- Authorization code is returned correctly
- Supabase callback endpoint is hit
- Auth Logs contains no errors
- Final redirect contains error:
error=server_error
error_description=error missing provider id
Network Trace
Authorization request:
https://suap.ifmg.edu.br/o/authorize/?client_id=...&code_challenge=...&redirect_uri=https://<project>.supabase.co/auth/v1/callback&state=...
Callback to Supabase:
https://<project>.supabase.co/auth/v1/callback?code=...&state=...
Final redirect:
http://localhost:5173/api/auth/suap/callback?error=server_error&error_description=error+missing+provider+id
OAuth Provider Details
Token endpoint (/o/token)
Returns:
{
"access_token": "...",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "identificacao",
"refresh_token": "..."
}User info endpoint (/api/v2/minhas-informacoes/meus-dados/)
Returns a JSON object with fields like:
idnome_usualemailcpf- nested
vinculo object
Fields are mainly in brazilian portuguese, but ˋemailˋ is there.
Expected behavior
Supabase should successfully resolve the provider (custom:suap), exchange the code, and create a session.
System information
- OS: Windows 10 Extended Support
- Browser: Brave
- Version of supabase-js: 2.105.1
- Version of supabase/ssr: 0.10.2
- Version of Node.js: 24.15.0
Additional context
- Using PKCE
- Custom provider identifier:
custom:suap
- Framework: SvelteKit
- Redirect URL is correctly configured both in Supabase (localhost url) and provider (Supabase callback url)
Bug report
Describe the bug
When using a Custom OAuth2 provider, the authentication flow completes successfully on the provider side, but Supabase returns:
server_error: missing provider idThis happens during the callback phase, when exchanging the authorization code for a session.
To Reproduce
User authenticates successfully on the OAuth provider
Supabase redirects to:
Callback Handling Code
Observed Behavior
Network Trace
Authorization request:
Callback to Supabase:
Final redirect:
OAuth Provider Details
Token endpoint (
/o/token)Returns:
{ "access_token": "...", "expires_in": 3600, "token_type": "Bearer", "scope": "identificacao", "refresh_token": "..." }User info endpoint (
/api/v2/minhas-informacoes/meus-dados/)Returns a JSON object with fields like:
idnome_usualemailcpfvinculoobjectFields are mainly in brazilian portuguese, but ˋemailˋ is there.
Expected behavior
Supabase should successfully resolve the provider (
custom:suap), exchange the code, and create a session.System information
Additional context
custom:suap